<?
/*
 * Copyright 2004-2005 Sigve Indregard.
 *
 * This file is part of Laivsys.
 *
 * Laivsys is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Laivsys is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Laivsys; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * $Id: auth.php 6 2005-07-11 23:14:47Z say $
 */
 
if ($_SESSION['admAuthStatus'] != 'authorized') {
	//we got an unauthorized kid

	//is he attempting login?
	if ($_REQUEST['login'] == 'true') {
		//check credentials
		$user=mysql_escape_string($_REQUEST['user']);
		$password=mysql_escape_string($_REQUEST['password']);
		$laiv=mysql_escape_string($_REQUEST['laivID']);
		
		$sql="SELECT * FROM admins WHERE username='$user' AND password='$password'";
		$res=mysql_query($sql) or die(mysql_error());
		if (mysql_num_rows($res) == 0) {
			failedscreen();
			die();
		} else {
			// yahoo - we're logged in
			$rs=mysql_fetch_assoc($res);
			$_SESSION['admAuthStatus'] = 'authorized';
			$_SESSION['admUserName'] = $rs['username'];
			$_SESSION['admLaivID'] = $laiv;
		}
	} else {
		//print loginscreen
		loginscreen();
		die();
	}
} elseif ($_REQUEST['logout'] == 'true') {
	$_SESSION['admAuthStatus'] = "";
	$_SESSION['admUserName'] = "";
	echo "<h1>Logget ut</h1>\n";
	echo "<p>Du har blitt logget ut. <a href=\"index.php\">Logg inn igjen</a>, eller <a href=\"../index.php\">g� tilbake</a>.</p>\n";
	exit();
}

function boxtop($header) {
	?>
	<html>
	<head>
	<title>laivsys - <?=$header?></title>
	</head>
	<body bgcolor="#000000">
		<center>
		<table style="width:300px;margin-top:2cm;border:2px solid white;padding:10px">
		<tr><td style="background:#ffffff;color:#000000">
			<font size="+3"><?=$header?></font><p>
	<?
}

function boxbottom() {
	?>
	</td></tr>
	</table>
	</body>
	</center>
	</html>
	<?
}

function loginscreen() {
	boxtop("Logg inn");
	?>
	<form method="post" action="<?=$_SERVER['PHP_SELF']?>">
	<input type="hidden" name="login" value="true">
	<table>
	<tr>
		<td>Brukernavn:</td>
		<td><input name="user"></td>
	</tr>
	<tr>
		<td>Passord:</td>
		<td><input name="password" type="password"></td>
	</tr>
	<tr>
		<td>Laiv:</td>
		<td><select name="laivID">
		<?
		$sql="SELECT ID, Tittel FROM Laiv ORDER BY Startdato DESC";
		$laivs=mysql_query($sql);

		while ($laiv=mysql_fetch_assoc($laivs))
			echo "<option value=\"{$laiv['ID']}\">".$laiv['Tittel']."</option>\n";
		?>
		</select></td>
	<tr>
		<td></td>
		<td><input type="submit" value="Logg inn"></td>
	</tr>
	</table>
	</form>
	<?
	boxbottom();
}

function failedscreen() {
	boxtop("Feil");
	?>
	Brukernavnet eller passordet du oppga er feil.
	<?
	boxbottom();
}

$laivid = $_SESSION['admLaivID'];
?>
